< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles · page 2 of 42

Microsoft Warns of Poisoned MCP Tool Risk

🛡️ New Microsoft research shows attackers can hijack AI agents by poisoning a tool's description so the agent quietly exfiltrates company data. The attack leverages MCP tool descriptions—plain text that agents read—to inject hidden instructions, allowing malicious actions without obvious rule violations. Microsoft recommends treating tool descriptions as system prompts, restricting approved tools, enforcing human approval for risky actions, and monitoring agent identities and behavior.
read more →

Microsoft strengthens bot protections for Teams

🔒 Microsoft introduced a Teams admin policy that prevents third-party bots from joining meetings without organizer approval. The feature, announced earlier in the Microsoft 365 roadmap, will roll out across Windows, macOS, Android, and iOS for multi-tenant and GCC customers. When enabled, Teams detects potential bots, places them in the lobby, identifies them clearly, and prompts organizers to admit them. Microsoft plans further controls such as allow lists, blocking policies, and audit reports to enhance visibility and governance.
read more →

Microsoft adds smarter bot protection to Teams

🛡️ Microsoft introduced a Teams admin policy that prevents third-party bots from joining meetings without organizer approval. The feature, announced in March, will roll out across Windows, macOS, Android, and iOS for standard multi-tenant and GCC clouds. When enabled, Teams detects potential bots, places them in the lobby, clearly identifies them, and prompts organizers to confirm admission. Additional controls planned include allow lists, blocking policies, reports, and audit logs to give admins greater visibility and control.
read more →

Microsoft extends Windows Server 2022 hotpatching until 2027

🛠️ Microsoft has extended hotpatching for Windows Server 2022 Datacenter: Azure Edition through October 2027, one year beyond the mainstream end date of October 2026. This extension is effective immediately and applies only to systems enrolled in Hotpatch updates, preserving the existing monthly hotpatch cadence. Hotpatching applies security fixes to in-memory code of running processes to avoid restarts, though updates from the regular channel still require reboots. The change helps maintain uptime and reduce servicing disruptions while non-hotpatch updates, such as non-security and .NET patches, still need restarts.
read more →

Optimizing PostgreSQL on Azure within VS Code

🔍 Microsoft highlights tighter integration for PostgreSQL on Azure by embedding performance tools directly into Visual Studio Code. The PostgreSQL extension centralizes query authoring, server metrics, Azure‑specific telemetry, and Azure Advisor recommendations to shorten detection-to-resolution time. Enhanced query plan visualization and AI‑assisted analysis help teams troubleshoot and tune queries faster, while schema‑aware authoring and Entra ID integration support secure, consistent workflows at enterprise scale.
read more →

Microsoft extends free Windows 10 ESU to 2027

📰 Microsoft quietly extended free Windows 10 Extended Security Updates (ESU) for consumer devices by one year, now covering devices through October 12, 2027. The change appeared in documentation updates and an editor's note on the Windows Experience Blog dated June 25, 2026. Enrolled users will remain covered automatically, and the consumer ESU remains unavailable for domain-joined or MDM-managed systems. The extension aims to give consumers more time to upgrade to Windows 11 or newer devices.
read more →

Microsoft named Leader in Forrester Wave 2026

🔒 Microsoft is recognized as a Leader in The Forrester Wave™: Endpoint Management Platforms, Q2 2026, reflecting Intune’s role in connecting identity, security, compliance, and AI governance across endpoints. The report highlights Intune’s cross-platform management, AI-powered Endpoint Privilege Management, and integrated Security Copilot features that enable faster remediation and device onboarding. Forrester also cited Microsoft’s partner strategy and licensing value as factors supporting enterprise adoption.
read more →

Amazon RDS Custom adds latest Microsoft SQL Server updates

🛈 Amazon RDS Custom for SQL Server now supports the latest Cumulative Updates (CU) and General Distribution Release (GDR) updates for Microsoft SQL Server, including SQL Server 2019 CU32+GDR (KB5090407) and SQL Server 2022 CU25 (KB5081477). These GDR updates address vulnerabilities described in CVE-2026-40370. You can apply the updates via the Amazon RDS Management Console, AWS SDK, or AWS CLI, and guidance is available in the Amazon RDS Custom User Guide.
read more →

CNAPP evolution: Microsoft aligns with cloud risk platforms

🔍 Cloud security is shifting from mere visibility to context-aware risk reduction across multicloud, Kubernetes, APIs, and AI workloads. The Frost & Sullivan 2026 Frost Radar positions CNAPP as an operational cloud risk platform that correlates posture, workload, identity, data, and runtime signals. Microsoft Defender for Cloud is highlighted among leading vendors for connecting findings into prioritized, actionable attack paths and enabling continuous risk validation across the application lifecycle.
read more →

Operation Endgame disrupts Amadey and StealC malware

🔎 Microsoft, Europol, and international partners executed Operation Endgame to disrupt infrastructure used by the Amadey and StealC malware families. The coordinated takedown targeted servers, domains, and related resources, seizing cryptocurrency and recovering millions of stolen credentials. Private-sector partners including Microsoft, ESET, Proofpoint, and IBM X-Force supported law enforcement actions across several countries. The effort also targeted SocGholish loaders and follows prior phases that disrupted other malware families.
read more →

StealC and Amadey: Infostealer Ecosystem Disruption

🔍 Microsoft analyzes how infostealers like StealC and loaders such as Amadey fuel a commodified cybercrime economy by harvesting credentials, cookies, and tokens from unmanaged devices. The post details methods of delivery (SEO poisoning, malicious ads, ClickFix, phishing), StealC’s data collection and C2 behaviors, and how stolen logs are monetized. It also describes a coordinated takedown on June 24, 2026, by Microsoft DCU and partners that disrupted hundreds of domains and C2 servers.
read more →

Windows 11 KB5095093 preview adds Point-in-Time

🛈 Microsoft released optional preview update KB5095093 for Windows 11 24H2 and 25H2, installing build 26100.8737 and introducing new features and bug fixes. The update offers a new Point-in-Time restore capability that captures VSS-based restore points for up to 72 hours and simplifies rollback of the OS, apps, and files. It also fixes a Recycle Bin filename confirmation bug and brings improvements across Secure Boot, Netlogon, File Explorer, Bluetooth, Widgets, accessibility, and networking.
read more →

Agentic cloud operations: insight to governed action

🧭 Agentic cloud operations use AI-powered agents to turn continuous observability into governed, auditable actions across the cloud lifecycle. Microsoft describes how Azure Copilot’s observability agent—now generally available—analyzes telemetry, traces dependencies, and surfaces grouped signals and contextual recommendations to speed incident resolution and reduce noise. Built-in governance and policy guardrails ensure actions respect controls and remain human-reviewed, while cost and usage intelligence integrate into developer tools to enable continuous optimization.
read more →

Defending AI Memory: Microsoft’s Multi‑Layer Strategy

🔒 Microsoft outlines a defense-in-depth approach to protect AI memory across storage, retrieval, model interaction, and user control. The post explains how memory transforms AI from stateless tool to learning collaborator, increasing attack surface and enabling staged attacks that persist beyond initial prompts. It summarizes protections in M365 Copilot including prompt-injection classifiers, Task Adherence checks, tenant policy controls, unified compliance, and audit logging integrated with Defender and Sentinel.
read more →

Microsoft confirms Windows 11 version 26H2 release

📰 Microsoft confirmed Windows 11 version 26H2 as the next feature update and has begun testing with Windows Insiders in the Dev Channel. The company says devices running Windows 11 24H2 and 25H2 can upgrade via a small 174 KB enablement package, while systems on 23H2 or older will need the full 6.5 GB update. Microsoft also published a whitepaper explaining the shared servicing model for these releases.
read more →

Microsoft fixes AutoGen Studio flaw enabling code execution

🛡️ Microsoft patched a vulnerability chain named AutoJack in AutoGen Studio that could allow a visiting webpage to coerce a developer’s AI agent into executing arbitrary commands on the host. AutoGen Studio is the graphical interface for Microsoft’s open-source AutoGen framework for multi-agent AI systems; the flaw was fixed during development and never shipped in a PyPI release. The issue affected developers who built from the main GitHub branch in a limited window and allowed attacker-supplied commands to be launched with the developer’s account privileges. Microsoft urges running AutoGen Studio only as a developer prototype in isolated, low-privilege environments and avoiding exposure to untrusted content.
read more →

One intrusion, two attackers: uncovering parallel threats

🔍 Microsoft DART describes a complex multi-stage intrusion where two unrelated threat actors operated simultaneously, blending ransomware tactics with stealthy reconnaissance and persistence. Investigators observed exploitation attempts against on-premises SharePoint, use of legitimate tools like Velociraptor, cloud tunneling, credential misuse, and DLL sideloading to maintain access and evade detection. Coordinated telemetry correlation and threat intelligence enabled containment and targeted remediation guidance.
read more →

Windows update breaks some Office OLE automations

🛠️ Microsoft’s June update has caused Office apps like Word and Excel to fail when launched via third-party software that relies on OLE automation. Affected integrations include CCH Engagement, Workpaper Manager, Zotero and dental systems such as Dentrix and Softdent, with users reporting files won’t open and no clear error is shown. Microsoft acknowledged the issue and is working on a fix, and also noted a separate cosmetic Recycle Bin filename display problem stemming from the same update.
read more →

Microsoft confirms Recycle Bin filename display bug

🛠️ Microsoft acknowledged a bug that causes the Recycle Bin confirmation dialog to show internal filenames (for example, $Rxxxxx.ext) instead of the original filename when permanently deleting a single item. The Recycle Bin view and restore operations continue to use the original filename. The issue affects all supported client and server Windows releases after installing the June 2026 security updates, and a fix is planned for a future update. Businesses can request a temporary workaround via Microsoft's Business Support.
read more →

Forrester TEI: 124% ROI from Microsoft Security

🔒 Microsoft commissioned Forrester Consulting to evaluate the economic impact of consolidating security with its AI-first, end-to-end platform. Based on interviews and a survey of customers, Forrester modeled a composite 10,000-employee B2B organization and projected $30M in benefits against $13.4M in costs over three years, yielding a 124% ROI and $16.6M NPV. The study highlights faster decisions, reduced friction, and improved defender productivity as key operational gains.
read more →